
chore(warp): allow WARP devices to authenticate to Access apps #7

Merged
xnoto merged 1 commit into main from chore/warp-auth-for-access
Apr 30, 2026


@xnoto xnoto commented Apr 30, 2026

Summary

Flip `allow_authenticate_via_warp` on the Zero Trust organization from `false` to `true`. WARP-enrolled devices get a valid Access session automatically, so protected hostnames (`k3s.makeitwork.cloud` and any future Access-fronted hosts) work without the browser OIDC redirect for already-trusted devices.

Off-WARP devices keep going through the OIDC flow as before — the change is additive, not a relaxation.

Test plan

  • After apply: WARP-on devices reach `https://k3s.makeitwork.cloud` and `cloudflared access tcp --hostname k3s.makeitwork.cloud …` without the browser OAuth handoff
  • Off-WARP devices still see the Cloudflare Access OIDC redirect

🤖 Generated with Claude Code

Flip allow_authenticate_via_warp on the Zero Trust org. WARP-enrolled
machines now get a valid Access session for protected hostnames without
the browser OIDC redirect, so kubectl over k3s.makeitwork.cloud works
seamlessly on WARP. Off-WARP devices still authenticate via OIDC.
@github-actions

OpenTofu Plan

```
OpenTofu will perform the following actions:

  # cloudflare_zero_trust_organization.main will be updated in-place
  ~ resource "cloudflare_zero_trust_organization" "main" {
      ~ allow_authenticate_via_warp = false -> true
      + mfa_configuration_allowed   = (known after apply)
      + mfa_required_for_all_apps   = (known after apply)
        name                        = "makeitworkcloud.cloudflareaccess.com"
      + ui_read_only_toggle_reason  = (known after apply)
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```
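
A CI guard for changes like this one, as an added example that is not part of this pull request or its repository: it reads plan JSON produced by `tofu show -json` and reports every change to the organization's sign-in attributes, including values the plan marks `(known after apply)`. The watched-attribute list and the sample plan are constructed for illustration.

```python
import json
import sys

# Resource type and attributes taken from the plan shown above. Treating the
# MFA attribute as sign-in relevant is an assumption of this example.
WATCHED = {"cloudflare_zero_trust_organization":
           ("allow_authenticate_via_warp", "mfa_required_for_all_apps")}
UNKNOWN = "(known after apply)"

# Constructed sample in the shape of `tofu show -json` output, not real plan data.
SAMPLE_PLAN = {
    "resource_changes": [{
        "address": "cloudflare_zero_trust_organization.main",
        "type": "cloudflare_zero_trust_organization",
        "change": {
            "actions": ["update"],
            "before": {"allow_authenticate_via_warp": False},
            "after": {"allow_authenticate_via_warp": True},
            "after_unknown": {"mfa_required_for_all_apps": True},
        },
    }],
}


def auth_changes(plan):
    """Return (address, attribute, before, after) for each watched attribute that changes."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        before = change.get("before") or {}
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        for attr in WATCHED.get(rc.get("type"), ()):
            old = before.get(attr)
            # Values computed at apply time are absent from "after"; report them
            # explicitly instead of treating them as unchanged or unset.
            new = UNKNOWN if unknown.get(attr) is True else after.get(attr)
            if old != new:
                findings.append((rc["address"], attr, old, new))
    return findings


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = auth_changes(plan)
    for address, attr, old, new in found:
        print(f"{address}: {attr} {old!r} -> {new!r}")
    sys.exit(1 if found else 0)
```

A non-zero exit lets the pipeline hold the apply step until someone has acknowledged the authentication change.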

@xnoto xnoto merged commit 3277358 into main Apr 30, 2026
3 checks passed
@xnoto xnoto deleted the chore/warp-auth-for-access branch April 30, 2026 03:35